path: root/security
Age | Commit message | Author | Files | Lines
2013-03-15 | - py-ssh. | wiz | 1 | -2/+1
2013-03-15 | Remove a couple of commented unused lines | dsainty | 1 | -4/+1
2013-03-15 | Mention that ZoneMinder benefits dramatically from using libjpeg-turbo. | dsainty | 1 | -5/+13
2013-03-15 | SUBDIR+=zoneminder | dsainty | 1 | -1/+2
2013-03-15 | How to get started setting up ZoneMinder. | dsainty | 1 | -0/+44
2013-03-15 | ZoneMinder version 1.25.0: | dsainty | 18 | -0/+1002
ZoneMinder is intended for use in single or multi-camera video security applications, including commercial or home CCTV, theft prevention and child, family member or home monitoring and other domestic care scenarios such as nanny cam installations. It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a system. ZoneMinder also supports web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a DIY home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols.
2013-03-14 | security/py-ssh is dead upstream. | gls | 4 | -141/+0
As mentioned on the upstream page (https://github.com/bitprophet/ssh): "This library started life as a fork of Paramiko but has now been fully been merged back upstream. As such, 'ssh' is defunct and will receive no future releases or attention: please change your dependencies back to Paramiko, and file any feature requests or bugfixes over on Paramiko's tracker."
2013-03-14 | Update F-PROT Antivirus packages to 6.2.3. | taca | 8 | -62/+34
F-PROT Antivirus for Unix, version 6.2.3
* Fixed a problem with multiple connections in fpscand.
* Startup scripts have been tuned and improved.
* fpscand now overrides the loglevel when run in foreground mode, forces it to 7 (DEBUG).
* scan-mail.pl had trouble with multiple instances and temporary file cleanup, this had been fixed.
* The installer now has the wrapper script option for fpscan as default.
2013-03-14 | Fix build on Solaris | tez | 1 | -1/+2
(per http://old.nabble.com/Re%3A-build-problem-p34365918.html)
2013-03-13 | Updated to 5.84 | wen | 2 | -6/+6
Upstream changes:
5.84 Sat Mar 9 17:36:08 MST 2013
- untweaked Makefile.PL to remove dependencies of SHA.c
  -- dependencies were breaking builds on VMS
  -- retaining dependencies provides too little benefit for cost of portable workaround
5.83 Mon Mar 4 08:12:00 MST 2013
- removed code for standalone C operation (no longer used)
  -- eliminates need for external symbols
  -- consolidates SHA and HMAC code
  -- reduces size of object files
  -- thanks to Marc Lehmann for suggestions
- tweaked Makefile.PL to show dependencies of SHA.c
5.82 Thu Jan 24 04:54:12 MST 2013
- introduced workaround to SvPVbyte bug in Perl 5.6
  -- module behavior now consistent under all Perls 5.6+
  -- ref: new test script t/unicode.t
  -- SHA routines now always croak on wide chars (5.6+)
- removed "static" message schedules from C code
  -- default "auto" is now just as fast
  -- thread-safe option (-t) no longer necessary
  -- still allowed, but ignored
  -- simplifies source and header files
  -- eliminates SHA_STO_CLASS and SHA_THREAD_SAFE
  -- ref. Bug #82784
  -- thanks to Steve Hay for initial patch
- provided documentation to describe Unicode handling
  -- ref: Bug #82378
- updated documentation of NIST statement on SHA-1
2013-03-13 | Changes 1.10.4: | adam | 6 | -244/+10
This is a bugfix release.
* Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016, CVE-2013-1415]
* Prevent the KDC from returning a host-based service principal referral to the local realm.
2013-03-13 | Convert SASL_DBTYPE variable to option framework, and add gdbm support. | obache | 3 | -19/+46
Fixes db name extension in DEINSTALL script for other than ndbm. Bump PKGREVISION.
2013-03-12 | Update security/ipv6-toolkit to version 1.3.3 | agc | 2 | -10/+7
This minor update incorporates the "--tgt-known-iids" option, which can be used to track systems across networks, even if they employ the so-called "Privacy Address" (and yes, that includes Microsoft Windows systems).
2013-03-09 | Update to 1.10.0. | gdt | 2 | -7/+7
Upstream appears to have no changelog or NEWS; the included README is about changes in 1.8.0. Browsing github makes this look like minor features and bugfixes.
2013-03-07 | Use OVERRIDE_GEMSPEC instead of modifying gemspec file. | taca | 2 | -23/+3
2013-03-06 | Added log2timeline | pettai | 1 | -1/+2
2013-03-06 | log2timeline is a framework built to automatically create a super | pettai | 3 | -0/+59
timeline using information found within various log files and other files that contain timestamps. The tool can be used to augment traditional timeline analysis where the focus has generally been on solely the timestamps found within the filesystem itself. The tool is also capable of outputting into various formats that can be used to either import into analysis tools or to read directly using whatever suits you (spreadsheet/vim/less/...)
2013-03-06 | Update stunnel to 4.55. Critical update that fixes CVE-2013-1762. | jym | 2 | -8/+7
Changelog:
Version 4.55, 2013.03.03, urgency: HIGH:
* Security bugfix
  - OpenSSL updated to version 1.0.1e in Win32/Android builds.
  - Buffer overflow vulnerability fixed in the NTLM authentication of the CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html for details.
* New features
  - SNI wildcard matching in server mode.
  - Terminal version of stunnel (tstunnel.exe) build for Win32.
* Bugfixes
  - Fixed write half-close handling in the transfer() function (thx to Dustin Lundquist).
  - Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
  - Restored default signal handlers before execvp() (thx to Michael Weiser).
  - Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
  - Fixed a file descriptor leak during configuration file reload (thx to Arthur Mesh).
  - Closed SSL sockets were removed from the transfer() c->fds poll.
  - Minor fix in handling exotic inetd-mode configurations.
  - WCE compilation fixes.
  - IPv6 compilation fix in protocol.c.
  - Windows installer fixes.
2013-03-03 | Update to 2.21. Changes: | shattered | 2 | -7/+6
- Added google search for indexable directories
- Changed X scan debug output so it won't give output all the time
- Fixed major bug in googlescan
- Added sendmail < 8.12.9 check
2013-03-03 | Fix inline use. | joerg | 3 | -1/+70
2013-03-02 | Bump PKGREVISION for mysql default change to 55. | wiz | 5 | -9/+10
2013-03-02 | Flatten a variable size union to an alloca'd buffer. | joerg | 2 | -1/+80
2013-03-02 | Use vector instead of variable length array of non-POD type. | joerg | 2 | -1/+19
2013-03-02 | Reset maintainer to "pkgsrc-users@NetBSD.org". | tron | 21 | -42/+42
2013-03-02 | The distfile changed on the master site after the original digest was | agc | 3 | -21/+8
created, so put the new version of the distfile into a DIST_SUBDIR. New distfile has been verified to contain the pkgsrc patch -- which actually caused the change in the distfile.
2013-03-01 | Upgrade to address CVE-2013-1775 | kim | 6 | -133/+63
What's new in Sudo 1.7.10p7?
* A time stamp file with the date set to the epoch by "sudo -k" is now completely ignored regardless of what the local clock is set to. Previously, if the local clock was set to a value between the epoch and the time stamp timeout value, a time stamp reset by "sudo -k" would be considered current.
What's new in Sudo 1.7.10p6?
* The tty-specific time stamp file now includes the session ID of the sudo process that created it. If a process with the same tty but a different session ID runs sudo, the user will now be prompted for a password (assuming authentication is required for the command).
What's new in Sudo 1.7.10p5?
* On systems where the controlling tty can be determined via /proc or sysctl(), sudo will no longer fall back to using ttyname() if the process has no controlling tty. This prevents sudo from using a non-controlling tty for logging and time stamp purposes.
What's new in Sudo 1.7.10?
* If the user is a member of the "exempt" group in sudoers, they will no longer be prompted for a password even if the -k flag is specified with the command. This makes "sudo -k command" consistent with the behavior one would get if the user ran "sudo -k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo would refuse to read sudoers unless it was a regular file.
* The user/group/mode checks on sudoers files have been relaxed. As long as the file is owned by the sudoers uid, not world-writable and not writable by a group other than the sudoers gid, the file is considered OK. Note that visudo will still set the mode to the value specified at configure time.
* /etc/environment is no longer read directly on Linux systems when PAM is used. Sudo now merges the PAM environment into the user's environment which is typically set by the pam_env module.
* The initial environment created when env_reset is in effect now includes the contents of /etc/environment on AIX systems and the "setenv" and "path" entries from /etc/login.conf on BSD systems.
* On systems with an SVR4-style /proc file system, the /proc/pid/psinfo file is now used to determine the controlling terminal, if possible. This allows tty-based tickets to work properly even when, e.g. standard input, output and error are redirected to /dev/null.
* The sudoreplay command can now properly replay sessions where no tty was present.
* Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled.
2013-02-28 | Provide a buildlink file for libsodium | agc | 1 | -0/+12
2013-02-28 | add and enable libsodium | agc | 1 | -1/+2
2013-02-28 | Import libsodium-0.3 into the Packages Collection. Provided by csosstudy E. | agc | 4 | -0/+71
in PR 47600.
NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
libsodium is a library for network communication, encryption, decryption, signatures, etc. libsodium is a portable, cross-compilable, installable, packageable, API-compatible version for NaCl.
One minor change was to take the "check" target out of the post-build state and put it into the TEST_TARGET definition.
2013-02-28 | Add patch for CVE-2013-1415 (SA52390) | tez | 3 | -3/+28
2013-02-26 | Fix linking fdpassing. | joerg | 3 | -5/+44
2013-02-23 | Add and enable netpgpverify | agc | 1 | -1/+2
2013-02-23 | Initial import of netpgpverify-20120928 into the Packages Collection | agc | 12 | -0/+1927
netpgpverify is a standalone program to verify a PGP signature on a file or document. Both RSA and DSA signatures are supported, as are binary and document signatures. netpgpverify is compliant with RFC 4880. netpgpverify is a small frontend for libnetpgpverify, to allow PGP digital signatures to be verified from the command line.
2013-02-23 | Add and enable libnetpgpverify | agc | 1 | -1/+2
2013-02-23 | Initial import of libnetpgpverify-20120928, a library to verify PGP | agc | 40 | -0/+13204
signatures. This library has no pre-requisites other than -lz and -lbz2. This is libnetpgpverify, a standalone library to verify PGP signatures. It uses its own internal MPI/BIGNUM functions, which are a vastly cut-down version of libtommath. For this reason, utilities and other libraries can embed PGP signature verification, using a BSD-licensed library.
2013-02-22 | Update homepage URLs. | shattered | 2 | -4/+4
2013-02-21 | OpenDNSSEC 1.3.13 - 2013-02-20 | pettai | 2 | -7/+6
Bugfixes:
* OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial.
* OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while signconf was not changed.
* Signer Engine: Fixed locking and notification on the drudge work queue, signals could be missed so that drudgers would stall when there was work to be done.
2013-02-17 | Revbump all elisp packages after emacs changes. | dholland | 1 | -2/+2
2013-02-16 | Update ipv6-toolkit from 1.3beta to 1.3 | agc | 3 | -15/+14
Changes since previous version:
+ Minor documentation updates
+ gmake no longer needed to build
+ updated patch - still needed to quieten compiler for ctype warnings (reported upstream)
2013-02-16 | Fix incorrect expansion (use PYPKGPREFIX instead of hardcoded py27) | wiz | 1 | -2/+2
2013-02-16 | Recursive bump for png-1.6. | wiz | 39 | -78/+78
2013-02-15 | recursive bump from boost-lib shlib update. | obache | 1 | -2/+2
2013-02-14 | Update to 1.7.1. From the changelog: | schmonz | 2 | -6/+6
* Fix autoconf issues...
2013-02-13 | Oops, forgot to "cvs rm" an obsolete patch file. | taca | 1 | -67/+0
Thanks to wiz@ noted via mail.
2013-02-13 | Update OpenSSL to 1.0.1e. ("Corrected fix" was already incorporated in pkgsrc.) | taca | 2 | -8/+6
OpenSSL version 1.0.1e released
===============================
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of version 1.0.1e of our open source toolkit for SSL/TLS. This new OpenSSL version is a new feature release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.
The most significant changes are:
o Corrected fix for CVE-2013-0169
2013-02-12 | update to 3.0.28 | drochner | 2 | -9/+7
changes: bugfixes
This prevents the recent TLS CBC padding timing attack (CVE-2013-1619).
2013-02-11 | Fix the package name to reflect that this is version 1.3beta | agc | 1 | -2/+2
2013-02-11 | Add and enable ipv6-toolkit | agc | 1 | -1/+2
2013-02-11 | Initial import of the SI6 ipv6-toolkit, a security assessment and | agc | 5 | -0/+110
troubleshooting package for ipv6, into the Packages Collection. This is version 1.3b.
The SI6 Networks' IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets.
flow6: A tool to perform a security assessment of the IPv6 Flow Label.
frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
icmp6: A tool to perform attacks based on ICMPv6 error messages.
jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
na6: A tool to send arbitrary Neighbor Advertisement messages.
ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
ns6: A tool to send arbitrary Neighbor Solicitation messages.
ra6: A tool to send arbitrary Router Advertisement messages.
rd6: A tool to send arbitrary ICMPv6 Redirect messages.
rs6: A tool to send arbitrary Router Solicitation messages.
scan6: An IPv6 address scanning tool.
tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.
2013-02-11 | Depends on rubygems when ruby's version is 1.8.7. | taca | 1 | -3/+4
Bump PKGREVISION.